echelon | f281eed68163245661609f462a0c6266_JaffaCakes118 | Triage

Sharing

General

Target

f281eed68163245661609f462a0c6266_JaffaCakes118
Size

674KB
MD5

f281eed68163245661609f462a0c6266
SHA1

11bc8632b1f40116589fd3b13be379bcac75e045
SHA256

f29c642e2962616de5f5a909c391bbe4292902a11ffa774203b03e8711c84c48
SHA512

66494ee26ed66746ee51c31254245f5746ae9a0170fc255e851ad66320680219b022c66518e2ff3d2d470dd2f9cba4237b9f2bc018da514ade6ec6dba6bdfbb6
SSDEEP

12288:mofpljJgZSsAjAuYcVWfs6MDMVqfBdcmDBujHhVP:7JwcAuv0fKMVqJdc3hVP

Score

10^/10

echelon

Malware Config

Signatures

Detects Echelon Stealer payload 1 IoCs

Processes:

resource	yara_rule
sample	family_echelon

Echelon family
echelon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
f281eed68163245661609f462a0c6266_JaffaCakes118

Files

f281eed68163245661609f462a0c6266_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\tommy\OneDrive\Bureau\Stealer\obj\Debug\FakeTC Cracked.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 540KB - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ